From the end of Ian's new doc on Application Development:

'''
A basic framework for your SitePage might be:

    from WebKit.Page import Page

    class SitePage(Page):

        def respond(self, trans):
            if self.securePage():
                if not self.session().value('username', False):
                    self.respondLogIn()
                    return

        def securePage(self):
            """Override this method in your servlets to return True if the
            page should only be accessible to logged-in users -- by default
            pages are publically viewable"""
            return False

        def respondLogin(self):    #@@ s/b respondLogIn
            # Here we should deal with logging in...
            pass

Obviously there are a lot of details to add in on your own which are
specific to your application and the security and user model you are using.
'''

I have managed to create an application that deals with session logins and
session timeouts, but have often wondered about the proper way to handle the
process. Could you elaborate on the above a bit more?

Specifically, doesn't the method respond have to call its ancestor in Page
(HTTPServlet)? What does the method respondLogIn do if it discovers the
session has timed out or this is the request for a login page rather than an
incoming CGI login form? Why did you choose to override the method respond
rather than awake as in SecurePage.py in the WebKit Examples?

A few lines of SecurePage have puzzled me as well, this from line 40:

    # Get login id and immediately clear it from the session
    loginid = session.value('loginid', None)
    if loginid:
        session.delValue('loginid')

...and these from line 58:

    # Check if they can successfully log in.  The loginid must match what was previously
    # sent.
    if request.field('loginid', 'nologin')==loginid and self.loginUser(username, password):
        # Successful login.
        # Clear out the login parameters
        request.delField('username')
        request.delField('password')
        request.delField('login')
        request.delField('loginid')

I have never understood where session.value('loginid') is being set, why it
is being deleted if it exists, why the incoming id must match the old value,
and what is the benefit of doing request.delField(...).
Roger Haase
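
Added example, not part of the original message and not Webware's own code: a stand-alone sketch of the one-time login id check that the quoted SecurePage lines perform, using plain dicts in place of the WebKit session and request. The quoted lines do not show where the id is first stored, so `issue_login_form`, `check_credentials` and the demo account are assumptions of this example.

```python
import hmac
import secrets

# Constructed stand-ins: `session` and `fields` are plain dicts here,
# not WebKit's session and request objects.

def issue_login_form(session):
    """Assumed step: when the login form is rendered, store a fresh one-time id
    in the session and return it for embedding as a hidden form field."""
    loginid = secrets.token_hex(16)
    session['loginid'] = loginid
    return {'loginid': loginid}

def check_credentials(username, password):
    # Hypothetical stand-in for loginUser(); constructed demo account only.
    return (username, password) == ('alice', 'demo-password')

def handle_login(session, fields):
    """Take the expected id out of the session before anything else, so an
    issued id is consumed by the first attempt whether or not it succeeds."""
    expected = session.pop('loginid', None)
    submitted = fields.get('loginid', 'nologin')
    ok = (expected is not None
          and hmac.compare_digest(submitted.encode(), expected.encode())
          and check_credentials(fields.get('username'), fields.get('password')))
    if ok:
        session['username'] = fields['username']
        # Remove the login parameters so code that handles the rest of this
        # request never sees the password or the spent id.
        for name in ('username', 'password', 'login', 'loginid'):
            fields.pop(name, None)
    return ok

def demo():
    session = {}
    form = dict(issue_login_form(session),
                username='alice', password='demo-password', login='1')
    first = handle_login(session, dict(form))    # fresh id from this session
    replay = handle_login(session, dict(form))   # same post again: id already spent
    forged = handle_login({}, {'username': 'alice', 'password': 'demo-password'})
    return first, replay, forged                 # forged: no form was ever issued

if __name__ == '__main__':
    print(demo())
```

A login post is accepted only when it carries the id most recently issued to the same session, which is why a replayed form or a post that never loaded the login page is refused even with valid credentials.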